So… To visualize this whole scheme, let’s assume that we have a file "Proga.exe ", the hash of which has been checked for virustotal, and has the following results:
Verdict: 10 antiviruses (of which 3 are reputable) are considered malicious. Spyshelter action: The user receives a pop-up notification and makes the decision himself.
from 3 to 9 antiviruses (of which 2 are reputable) are considered malicious. Spyshelter action: The user receives a pop-up notification and makes the decision himself.
from 3 to 9 antiviruses (without reputable antiviruses). Spyshelter action: ignoring, the user does not receive notifications.
10 or more detections (without reputable antiviruses). Spyshelter action: The user receives a pop-up notification and makes the decision himself.
1-2 detections (with or without reputable antiviruses). Spyshelter action: ignoring, the user does not receive notifications.
Of course, this is an approximate scheme that can be developed in more detail, but this is an approximate option that is secretly used by many users who check downloaded files for virustotal. A scheme that includes two key factors: 1) the number of detections and 2) the presence of reputable antiviruses with a worldwide reputation in the verdict on the malware of the file.
It is sad. But then how does the Autoruns program (if the user activates this function) automatically check the hashes for virustotal and output the result opposite each file?
Then is it possible to make a separate “Check for virustotal” button opposite, for example, programs without a digital signature, or with a suspicious digital signature, or in general opposite all programs as a function (as it was implemented in HitmanPro).
Another question. The old version of spishelter had audio interception protection and clipboard protection. Will these functions be present separately in the new spyshelter?
I need to read your longer message and think first before responding, sorry for the delay.
We plan to have the webcam/mic feature in the next update that’s back and fully functional, due to Windows changes. For the clipboard, we saw it became impossible, then suddenly it started to work again so we’re still investigating what’s going on with Windows there.
Yes, I think what you write sounds completely logical and makes sense. I have noticed lately that VirusTotal is cracking down on who is allowed to use their APIs, and how they can use it.
Did you notice if Hitman Pro still has this functionality with VT?
Meanwhile, we did purposely make all the hashes visible for all executables, and easy to copy/paste, so anyone can quickly check them with VT, but… of course if the file has never been to VT then that can be an issue. You’d have to upload it manually from your PC.
But yes, overall I think your idea is very cool and our team will discuss it. The only issue is what VT allows lately, and if our users are willing to get their own VT API keys or not, because the last I heard VT won’t allow us to use our own key for this feature.
I enjoy VT a lot though so I understand and agree with you.
I haven’t used Hitman Pro for about one and a half to two years, so yes, indeed, the situation with checking for Virustotal through the context menu could change. It is a pity if the rules have been tightened to such an extent that such a check can no longer be carried out in any program.
If I remember correctly, I believe it’s more related to paying for licensing. If you want to use their API then you should pay significant fees. Therefore many apps have moved to having the user use their own API key, or just strip out VirusTotal all together.
But currently with SpyShelter, please note anyone can quickly check an .exe with VirusTotal by clicking the .exe icon, then finding its hash, then pasting it into the VT website. I posted this earlier, but I am posting it again in case others are reading this in order to help them.
We will keep watch over their policies and see if it’s possible to add VT functionality in the future as you suggest, and our team will discuss the other ideas you posted.
Thanks. Another question I wanted to ask is about Spyshelter’s self-defense. In the old classic version, there was even an option called “reducing self-defense to prevent conflicts” or something like that. It was also possible to block the user from disabling the program using the task Manager. Will these options be implemented in the new version? Will the self-defense function of the program be implemented as an option with a checkbox, as it is implemented in antivirus programs?
We have some sort of self defense that prevents modifications of our settings and some other things already.
We’ll consider bringing back a lock-down mode if users request it and feel it’s necessary. We’re trying to avoid system issues where SpyShelter can’t work correctly at all, or often requires reboots to do any updates, and these lock down modes can cause problems like that. Lock down modes can also look like malware, causing false positives, and causing other security programs to quarantine us.
I asked my French friend on the Malwaretips forum to test the new Spyshelter. It tests all antiviruses and security programs both on a package of old malware and on fresh Trojans. Fresh malware was used in this test.
Perhaps if either an automatic sandbox mechanism (or the “rights restriction” mechanism that was in the old version) for unknown programs or digitally signed programs from little-known/unknown publishers had been implemented in the Spyshelter, or the user would have been recommended to run the program in a limited environment, the result would have been better.
Considering that Spyshelter is a program to help antivirus, and also detects primarily spyware (antispyware), the result shown can be considered not bad.
The final result and the conclusion of the tester: SpyShelter can provide a second level of protection to support your antivirus software. Unfortunately, I find that the settings are rather inconclusive and contain little information, which can be misleading. There is also a version of the settings in which SpyShelter manages everything on its own, but authorizes everything it doesn’t know about, which I strongly recommend against. Under no circumstances should this be used as the only protection, as it is not enough.
You can view the video of the test HERE.
In fact, we noticed this testing taking place when it happened because we noticed a large amount of malware was detected that day. You can see on the video it took place on February 14, 2024 when SpyShelter was still in Beta, and did not yet detect PUPs. Just look at the bottom right corner of the video.
Therefore, if the person might consider testing again then they would probably find we detected the things that were PUPs.
Also, yes, it’s absolutely true that our different modes have different levels of protection. “Easy” mode has the least, and “Paranoid” the most protection.
I wanted to respond quickly, but I will watch the video again more carefully and go over it with our team and give more feedback again later.